[#66] Add Issue Template

Add bug report and feature request templates

Signed-off-by: Liza <e.chichindaeva@yadro.com>

.docker/Dockerfile

@@ -1,7 +1,7 @@
 FROM golang:1.19 as builder
 
 ARG BUILD=now
-ARG REPO=github.com/TrueCloudLab/frostfs-s3-gw
+ARG REPO=git.frostfs.info/TrueCloudLab/frostfs-s3-gw
 ARG VERSION=dev
 
 WORKDIR /src

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,45 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: community, triage, bug
+assignees: ''
+
+---
+
+<!--- Provide a general summary of the issue in the Title above -->
+
+## Expected Behavior
+<!--- If you're describing a bug, tell us what should happen -->
+<!--- If you're suggesting a change/improvement, tell us how it should work -->
+
+## Current Behavior
+<!--- If describing a bug, tell us what happens instead of the expected behavior -->
+<!--- If suggesting a change/improvement, explain the difference from current behavior -->
+
+## Possible Solution
+<!--- Not obligatory -->
+<!--- If no reason/fix/additions for the bug can be suggested, -->
+<!--- uncomment the following phrase: -->
+
+<!--- No fix can be suggested by a QA engineer. Further solutions shall be up to developers. -->
+
+## Steps to Reproduce (for bugs)
+<!--- Provide a link to a live example, or an unambiguous set of steps to -->
+<!--- reproduce this bug. -->
+
+1.
+
+## Context
+<!--- How has this issue affected you? What are you trying to accomplish? -->
+<!--- Providing context helps us come up with a solution that is most useful in the real world -->
+
+## Regression
+<!-- Is this issue a regression? (Yes / No) -->
+<!-- If Yes, optionally please include version or commit id or PR# that caused this regression, if you have these details. -->
+
+## Your Environment
+<!--- Include as many relevant details about the environment you experienced the bug in -->
+* Version used:
+* Server setup and configuration:
+* Operating System and version (`uname -a`):

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1 @@
+blank_issues_enabled: false

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: community, triage
+assignees: ''
+
+---
+
+## Is your feature request related to a problem? Please describe.
+<!--- A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] -->
+
+## Describe the solution you'd like
+<!--- A clear and concise description of what you want to happen. -->
+
+## Describe alternatives you've considered
+<!--- A clear and concise description of any alternative solutions or features you've considered. -->
+
+## Additional context
+<!--- Add any other context or screenshots about the feature request here. -->

CHANGELOG.md

@@ -6,12 +6,15 @@ This document outlines major changes between releases.
 
 ### Fixed
 - Get empty bucket CORS from frostfs (TrueCloudLab#36)
+- Don't count pool error on client abort (#35)
 
 ### Added
 - Return container name in `head-bucket` response (TrueCloudLab#18)
 - Billing metrics (TrueCloudLab#5)
 - Multiple configs support (TrueCloudLab#21)
 - Bucket name resolving policy (TrueCloudLab#25)
+- Support string `Action` and `Resource` fields in `bucketPolicy.Statement` (TrueCloudLab#32)
+- Add new `kludge.use_default_xmlns_for_complete_multipart` config param (TrueCloudLab#40)
 
 ### Changed
 - Update neo-go to v0.101.0 (#14)
@@ -21,6 +24,9 @@ This document outlines major changes between releases.
 - Return error on invalid LocationConstraint (TrueCloudLab#23)
 - Place billing metrics to separate url path (TrueCloudLab#26)
 - Add generated deb builder files to .gitignore, and fix typo (TrueCloudLab#28)
+- Limit number of objects to delete at one time (TrueCloudLab#37) 
+- CompleteMultipartUpload handler now sends whitespace characters to keep alive client's connection (#60)
+- Support new system attributes (#64)
 
 ## [0.26.0] - 2022-12-28
 

README.md

@@ -6,9 +6,7 @@
 </p>
 
 ---
-[![Report](https://goreportcard.com/badge/github.com/TrueCloudLab/frostfs-s3-gw)](https://goreportcard.com/report/github.com/TrueCloudLab/frostfs-s3-gw)
-![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/TrueCloudLab/frostfs-s3-gw?sort=semver)
-![License](https://img.shields.io/github/license/TrueCloudLab/frostfs-s3-gw.svg?style=popout)
+[![Report](https://goreportcard.com/badge/git.frostfs.info/TrueCloudLab/frostfs-s3-gw)](https://goreportcard.com/report/git.frostfs.info/TrueCloudLab/frostfs-s3-gw)
 
 # FrostFS S3 Gateway
 
@@ -16,7 +14,7 @@ FrostFS S3 gateway provides API compatible with Amazon S3 cloud storage service.
 
 ## Installation
 
-```go get -u github.com/TrueCloudLab/frostfs-s3-gw```
+```go get -u git.frostfs.info/TrueCloudLab/frostfs-s3-gw```
 
 Or you can call `make` to build it from the cloned repository (the binary will
 end up in `bin/frostfs-s3-gw` with authmate helper in `bin/frostfs-s3-authmate`).

api/auth/center.go

@@ -14,12 +14,12 @@ import (
 	"strings"
 	"time"
 
-	v4 "github.com/TrueCloudLab/frostfs-s3-gw/api/auth/signer/v4"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/cache"
-	apiErrors "github.com/TrueCloudLab/frostfs-s3-gw/api/errors"
-	"github.com/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
-	"github.com/TrueCloudLab/frostfs-s3-gw/creds/tokens"
-	oid "github.com/TrueCloudLab/frostfs-sdk-go/object/id"
+	v4 "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/auth/signer/v4"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/cache"
+	apiErrors "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/tokens"
+	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
 	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 )

api/auth/center_test.go

@@ -5,7 +5,7 @@ import (
 	"testing"
 	"time"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/errors"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
 	"github.com/stretchr/testify/require"
 )
 

api/cache/access_control.go

@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/TrueCloudLab/frostfs-sdk-go/user"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
 	"github.com/bluele/gcache"
 	"go.uber.org/zap"
 )

api/cache/accessbox.go

@@ -4,8 +4,8 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
-	oid "github.com/TrueCloudLab/frostfs-sdk-go/object/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
+	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
 	"github.com/bluele/gcache"
 	"go.uber.org/zap"
 )

api/cache/buckets.go

@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
 	"github.com/bluele/gcache"
 	"go.uber.org/zap"
 )

api/cache/cache_test.go

@@ -3,10 +3,10 @@ package cache
 import (
 	"testing"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
-	"github.com/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
-	cidtest "github.com/TrueCloudLab/frostfs-sdk-go/container/id/test"
-	oidtest "github.com/TrueCloudLab/frostfs-sdk-go/object/id/test"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
+	cidtest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id/test"
+	oidtest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id/test"
 	"github.com/stretchr/testify/require"
 	"go.uber.org/zap"
 	"go.uber.org/zap/zaptest/observer"

api/cache/names.go

@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"time"
 
-	oid "github.com/TrueCloudLab/frostfs-sdk-go/object/id"
+	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
 	"github.com/bluele/gcache"
 	"go.uber.org/zap"
 )

api/cache/objects.go

@@ -4,8 +4,8 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
-	oid "github.com/TrueCloudLab/frostfs-sdk-go/object/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
 	"github.com/bluele/gcache"
 	"go.uber.org/zap"
 )

api/cache/objects_test.go

@@ -4,9 +4,9 @@ import (
 	"testing"
 	"time"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
-	oid "github.com/TrueCloudLab/frostfs-sdk-go/object/id"
-	objecttest "github.com/TrueCloudLab/frostfs-sdk-go/object/test"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
+	objecttest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/test"
 	"github.com/stretchr/testify/require"
 	"go.uber.org/zap"
 )

api/cache/objectslist.go

@@ -6,8 +6,8 @@ import (
 	"strings"
 	"time"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
-	cid "github.com/TrueCloudLab/frostfs-sdk-go/container/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	"github.com/bluele/gcache"
 	"go.uber.org/zap"
 )

api/cache/objectslist_test.go

@@ -4,9 +4,9 @@ import (
 	"testing"
 	"time"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
-	cidtest "github.com/TrueCloudLab/frostfs-sdk-go/container/id/test"
-	oidtest "github.com/TrueCloudLab/frostfs-sdk-go/object/id/test"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	cidtest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id/test"
+	oidtest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id/test"
 	"github.com/stretchr/testify/require"
 	"go.uber.org/zap"
 )

api/cache/system.go

@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
 	"github.com/bluele/gcache"
 	"go.uber.org/zap"
 )

api/data/info.go

@@ -4,9 +4,9 @@ import (
 	"encoding/xml"
 	"time"
 
-	cid "github.com/TrueCloudLab/frostfs-sdk-go/container/id"
-	oid "github.com/TrueCloudLab/frostfs-sdk-go/object/id"
-	"github.com/TrueCloudLab/frostfs-sdk-go/user"
+	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
+	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
 )
 
 const (

api/data/tree.go

@@ -4,9 +4,9 @@ import (
 	"strconv"
 	"time"
 
-	cid "github.com/TrueCloudLab/frostfs-sdk-go/container/id"
-	oid "github.com/TrueCloudLab/frostfs-sdk-go/object/id"
-	"github.com/TrueCloudLab/frostfs-sdk-go/user"
+	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
+	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
 )
 
 const (

api/handler/acl.go

@@ -14,15 +14,15 @@ import (
 	"strconv"
 	"strings"
 
-	v2acl "github.com/TrueCloudLab/frostfs-api-go/v2/acl"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/errors"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/layer"
-	"github.com/TrueCloudLab/frostfs-sdk-go/eacl"
-	"github.com/TrueCloudLab/frostfs-sdk-go/object"
-	oid "github.com/TrueCloudLab/frostfs-sdk-go/object/id"
-	"github.com/TrueCloudLab/frostfs-sdk-go/session"
+	v2acl "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/acl"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/eacl"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
+	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"go.uber.org/zap"
 )
@@ -158,6 +158,90 @@ func (s ServiceRecord) ToEACLRecord() *eacl.Record {
 	return serviceRecord
 }
 
+var (
+	errInvalidStatement = stderrors.New("invalid statement")
+	errInvalidPrincipal = stderrors.New("invalid principal")
+)
+
+func (s *statement) UnmarshalJSON(data []byte) error {
+	var statementMap map[string]interface{}
+	if err := json.Unmarshal(data, &statementMap); err != nil {
+		return err
+	}
+
+	sidField, ok := statementMap["Sid"]
+	if ok {
+		if s.Sid, ok = sidField.(string); !ok {
+			return errInvalidStatement
+		}
+	}
+
+	effectField, ok := statementMap["Effect"]
+	if ok {
+		if s.Effect, ok = effectField.(string); !ok {
+			return errInvalidStatement
+		}
+	}
+
+	principalField, ok := statementMap["Principal"]
+	if ok {
+		principalMap, ok := principalField.(map[string]interface{})
+		if !ok {
+			return errInvalidPrincipal
+		}
+
+		awsField, ok := principalMap["AWS"]
+		if ok {
+			if s.Principal.AWS, ok = awsField.(string); !ok {
+				return fmt.Errorf("%w: 'AWS' field must be string", errInvalidPrincipal)
+			}
+		}
+
+		canonicalUserField, ok := principalMap["CanonicalUser"]
+		if ok {
+			if s.Principal.CanonicalUser, ok = canonicalUserField.(string); !ok {
+				return errInvalidPrincipal
+			}
+		}
+	}
+
+	actionField, ok := statementMap["Action"]
+	if ok {
+		switch actionField := actionField.(type) {
+		case []interface{}:
+			s.Action = make([]string, len(actionField))
+			for i, action := range actionField {
+				if s.Action[i], ok = action.(string); !ok {
+					return errInvalidStatement
+				}
+			}
+		case string:
+			s.Action = []string{actionField}
+		default:
+			return errInvalidStatement
+		}
+	}
+
+	resourceField, ok := statementMap["Resource"]
+	if ok {
+		switch resourceField := resourceField.(type) {
+		case []interface{}:
+			s.Resource = make([]string, len(resourceField))
+			for i, action := range resourceField {
+				if s.Resource[i], ok = action.(string); !ok {
+					return errInvalidStatement
+				}
+			}
+		case string:
+			s.Resource = []string{resourceField}
+		default:
+			return errInvalidStatement
+		}
+	}
+
+	return nil
+}
+
 func (h *handler) GetBucketACLHandler(w http.ResponseWriter, r *http.Request) {
 	reqInfo := api.GetReqInfo(r.Context())
 

api/handler/acl_test.go

@@ -13,14 +13,14 @@ import (
 	"net/http"
 	"testing"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
-	"github.com/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
-	"github.com/TrueCloudLab/frostfs-sdk-go/bearer"
-	"github.com/TrueCloudLab/frostfs-sdk-go/eacl"
-	"github.com/TrueCloudLab/frostfs-sdk-go/object"
-	oid "github.com/TrueCloudLab/frostfs-sdk-go/object/id"
-	"github.com/TrueCloudLab/frostfs-sdk-go/session"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/eacl"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
+	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/stretchr/testify/require"
 )
@@ -1352,6 +1352,85 @@ func TestBucketPolicy(t *testing.T) {
 	}
 }
 
+func TestBucketPolicyUnmarshal(t *testing.T) {
+	for _, tc := range []struct {
+		name   string
+		policy string
+	}{
+		{
+			name: "action/resource array",
+			policy: `
+{
+	"Version": "2012-10-17",
+	"Statement": [{
+		"Principal": {
+			"AWS": "arn:aws:iam::111122223333:role/JohnDoe"
+		},
+		"Effect": "Allow",
+		"Action": [
+			"s3:GetObject", 
+			"s3:GetObjectVersion"
+		],
+		"Resource": [
+			"arn:aws:s3:::DOC-EXAMPLE-BUCKET/*",
+			"arn:aws:s3:::DOC-EXAMPLE-BUCKET2/*"
+		]
+	}]
+}
+`,
+		},
+		{
+			name: "action/resource string",
+			policy: `
+{
+	"Version": "2012-10-17",
+	"Statement": [{
+		"Principal": {
+			"AWS": "arn:aws:iam::111122223333:role/JohnDoe"
+		},
+		"Effect": "Deny",
+		"Action": "s3:GetObject",
+		"Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*"
+	}]
+}
+`,
+		},
+	} {
+		t.Run(tc.name, func(t *testing.T) {
+			bktPolicy := &bucketPolicy{}
+			err := json.Unmarshal([]byte(tc.policy), bktPolicy)
+			require.NoError(t, err)
+		})
+	}
+}
+
+func TestPutBucketPolicy(t *testing.T) {
+	bktPolicy := `
+{
+	"Version": "2012-10-17",
+	"Statement": [{
+		"Principal": {
+			"AWS": "*"
+		},
+		"Effect": "Deny",
+		"Action": "s3:GetObject",
+		"Resource": "arn:aws:s3:::bucket-for-policy/*"
+	}]
+}
+`
+	hc := prepareHandlerContext(t)
+	bktName := "bucket-for-policy"
+
+	box, _ := createAccessBox(t)
+	createBucket(t, hc, bktName, box)
+
+	w, r := prepareTestPayloadRequest(hc, bktName, "", bytes.NewReader([]byte(bktPolicy)))
+	ctx := context.WithValue(r.Context(), api.BoxData, box)
+	r = r.WithContext(ctx)
+	hc.Handler().PutBucketPolicyHandler(w, r)
+	assertStatus(hc.t, w, http.StatusOK)
+}
+
 func getBucketPolicy(hc *handlerContext, bktName string) *bucketPolicy {
 	w, r := prepareTestRequest(hc, bktName, "", nil)
 	hc.Handler().GetBucketPolicyHandler(w, r)

api/handler/api.go

@@ -1,12 +1,14 @@
 package handler
 
 import (
+	"encoding/xml"
 	"errors"
+	"io"
 	"time"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/layer"
-	"github.com/TrueCloudLab/frostfs-sdk-go/netmap"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap"
 	"go.uber.org/zap"
 )
 
@@ -25,18 +27,24 @@ type (
 
 	// Config contains data which handler needs to keep.
 	Config struct {
-		Policy             PlacementPolicy
-		DefaultMaxAge      int
-		NotificatorEnabled bool
-		CopiesNumber       uint32
-		ResolveZoneList    []string
-		IsResolveListAllow bool // True if ResolveZoneList contains allowed zones
+		Policy                     PlacementPolicy
+		XMLDecoder                 XMLDecoderProvider
+		DefaultMaxAge              int
+		NotificatorEnabled         bool
+		CopiesNumber               uint32
+		ResolveZoneList            []string
+		IsResolveListAllow         bool // True if ResolveZoneList contains allowed zones
+		CompleteMultipartKeepalive time.Duration
 	}
 
 	PlacementPolicy interface {
 		Default() netmap.PlacementPolicy
 		Get(string) (netmap.PlacementPolicy, bool)
 	}
+
+	XMLDecoderProvider interface {
+		NewCompleteMultipartDecoder(io.Reader) *xml.Decoder
+	}
 )
 
 const (

api/handler/attributes.go

@@ -6,10 +6,10 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/errors"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/layer"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer"
 	"go.uber.org/zap"
 )
 

api/handler/attributes_test.go

@@ -4,7 +4,7 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
 	"github.com/stretchr/testify/require"
 )
 

api/handler/copy.go

@@ -6,12 +6,12 @@ import (
 	"regexp"
 	"time"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/auth"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/errors"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/layer"
-	"github.com/TrueCloudLab/frostfs-sdk-go/session"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/auth"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
 	"go.uber.org/zap"
 )
 

api/handler/copy_test.go

@@ -6,7 +6,7 @@ import (
 	"net/url"
 	"testing"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
 	"github.com/stretchr/testify/require"
 )
 

api/handler/cors.go

@@ -5,9 +5,9 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/errors"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/layer"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer"
 	"go.uber.org/zap"
 )
 

api/handler/cors_test.go

@@ -6,7 +6,7 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
 )
 
 func TestCORSOriginWildcard(t *testing.T) {

api/handler/delete.go

@@ -6,17 +6,20 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/errors"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/layer"
-	apistatus "github.com/TrueCloudLab/frostfs-sdk-go/client/status"
-	oid "github.com/TrueCloudLab/frostfs-sdk-go/object/id"
-	"github.com/TrueCloudLab/frostfs-sdk-go/session"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer"
+	apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
+	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
 	"go.uber.org/zap"
 	"go.uber.org/zap/zapcore"
 )
 
+// limitation of AWS https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObjects.html
+const maxObjectsToDelete = 1000
+
 // DeleteObjectsRequest -- xml carrying the object key names which should be deleted.
 type DeleteObjectsRequest struct {
 	// Element to enable quiet mode for the request
@@ -176,6 +179,11 @@ func (h *handler) DeleteMultipleObjectsHandler(w http.ResponseWriter, r *http.Re
 		return
 	}
 
+	if len(requested.Objects) == 0 || len(requested.Objects) > maxObjectsToDelete {
+		h.logAndSendError(w, "number of objects to delete must be greater than 0 and less or equal to 1000", reqInfo, errors.GetAPIError(errors.ErrMalformedXML))
+		return
+	}
+
 	removed := make(map[string]*layer.VersionedObject)
 	toRemove := make([]*layer.VersionedObject, 0, len(requested.Objects))
 	for _, obj := range requested.Objects {

api/handler/delete_test.go

@@ -6,8 +6,8 @@ import (
 	"net/url"
 	"testing"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
 	"github.com/stretchr/testify/require"
 )
 

api/handler/encryption_test.go

@@ -12,8 +12,8 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/layer"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer"
 	"github.com/stretchr/testify/require"
 )
 

api/handler/get.go

@@ -8,10 +8,10 @@ import (
 	"strings"
 	"time"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/errors"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/layer"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer"
 	"go.uber.org/zap"
 )
 

api/handler/get_test.go

@@ -8,9 +8,9 @@ import (
 	"testing"
 	"time"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/errors"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/layer"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer"
 	"github.com/stretchr/testify/require"
 )
 

api/handler/handlers_test.go

@@ -13,15 +13,15 @@ import (
 	"testing"
 	"time"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/layer"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/resolver"
-	cid "github.com/TrueCloudLab/frostfs-sdk-go/container/id"
-	"github.com/TrueCloudLab/frostfs-sdk-go/netmap"
-	"github.com/TrueCloudLab/frostfs-sdk-go/object"
-	oid "github.com/TrueCloudLab/frostfs-sdk-go/object/id"
-	"github.com/TrueCloudLab/frostfs-sdk-go/user"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/resolver"
+	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
+	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/stretchr/testify/require"
 	"go.uber.org/zap"
@@ -63,6 +63,12 @@ func (p *placementPolicyMock) Get(string) (netmap.PlacementPolicy, bool) {
 	return netmap.PlacementPolicy{}, false
 }
 
+type xmlDecoderProviderMock struct{}
+
+func (p *xmlDecoderProviderMock) NewCompleteMultipartDecoder(r io.Reader) *xml.Decoder {
+	return xml.NewDecoder(r)
+}
+
 func prepareHandlerContext(t *testing.T) *handlerContext {
 	key, err := keys.NewPrivateKey()
 	require.NoError(t, err)
@@ -93,7 +99,8 @@ func prepareHandlerContext(t *testing.T) *handlerContext {
 		log: l,
 		obj: layer.NewLayer(l, tp, layerCfg),
 		cfg: &Config{
-			Policy: &placementPolicyMock{defaultPolicy: pp},
+			Policy:     &placementPolicyMock{defaultPolicy: pp},
+			XMLDecoder: &xmlDecoderProviderMock{},
 		},
 	}
 

api/handler/head.go

@@ -4,10 +4,10 @@ import (
 	"bytes"
 	"net/http"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/errors"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/layer"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer"
 	"go.uber.org/zap"
 )
 

api/handler/head_test.go

@@ -6,10 +6,10 @@ import (
 	"testing"
 	"time"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
-	"github.com/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
-	"github.com/TrueCloudLab/frostfs-sdk-go/bearer"
-	"github.com/TrueCloudLab/frostfs-sdk-go/eacl"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/eacl"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/stretchr/testify/require"
 )

api/handler/info.go

@@ -3,7 +3,7 @@ package handler
 import (
 	"net/http"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
 )
 
 func (h *handler) GetBucketLocationHandler(w http.ResponseWriter, r *http.Request) {

api/handler/list.go

@@ -4,8 +4,8 @@ import (
 	"net/http"
 	"time"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
-	"github.com/TrueCloudLab/frostfs-sdk-go/user"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
 )
 
 const maxObjectList = 1000 // Limit number of objects in a listObjectsResponse/listObjectsVersionsResponse.

api/handler/locking.go

@@ -8,10 +8,10 @@ import (
 	"strconv"
 	"time"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
-	apiErrors "github.com/TrueCloudLab/frostfs-s3-gw/api/errors"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/layer"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	apiErrors "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer"
 )
 
 const (

api/handler/locking_test.go

@@ -10,9 +10,9 @@ import (
 	"testing"
 	"time"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
-	apiErrors "github.com/TrueCloudLab/frostfs-s3-gw/api/errors"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	apiErrors "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
 	"github.com/stretchr/testify/require"
 )
 

api/handler/multipart_upload.go

@@ -2,16 +2,17 @@ package handler
 
 import (
 	"encoding/xml"
+	"fmt"
+	"io"
 	"net/http"
 	"net/url"
 	"strconv"
 	"time"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/errors"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/layer"
-	"github.com/TrueCloudLab/frostfs-sdk-go/session"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer"
 	"github.com/google/uuid"
 	"go.uber.org/zap"
 )
@@ -372,8 +373,6 @@ func (h *handler) CompleteMultipartUploadHandler(w http.ResponseWriter, r *http.
 	}
 
 	var (
-		sessionTokenSetEACL *session.Container
-
 		uploadID   = r.URL.Query().Get(uploadIDHeaderName)
 		uploadInfo = &layer.UploadInfoParams{
 			UploadID: uploadID,
@@ -384,7 +383,7 @@ func (h *handler) CompleteMultipartUploadHandler(w http.ResponseWriter, r *http.
 	)
 
 	reqBody := new(CompleteMultipartUpload)
-	if err = xml.NewDecoder(r.Body).Decode(reqBody); err != nil {
+	if err = h.cfg.XMLDecoder.NewCompleteMultipartDecoder(r.Body).Decode(reqBody); err != nil {
 		h.logAndSendError(w, "could not read complete multipart upload xml", reqInfo,
 			errors.GetAPIError(errors.ErrMalformedXML), additional...)
 		return
@@ -399,10 +398,51 @@ func (h *handler) CompleteMultipartUploadHandler(w http.ResponseWriter, r *http.
 		Parts: reqBody.Parts,
 	}
 
+	// Next operations might take some time, so we want to keep client's
+	// connection alive. To do so, gateway sends periodic white spaces
+	// back to the client the same way as Amazon S3 service does.
+	stopPeriodicResponseWriter := periodicXMLWriter(w, h.cfg.CompleteMultipartKeepalive)
+
+	// Start complete multipart upload which may take some time to fetch object
+	// and re-upload it part by part.
+	objInfo, err := h.completeMultipartUpload(r, c, bktInfo, reqInfo)
+
+	// Stop periodic writer as complete multipart upload is finished
+	// successfully or not.
+	headerIsWritten := stopPeriodicResponseWriter()
+
+	responseWriter := api.EncodeToResponse
+	errLogger := h.logAndSendError
+	// Do not send XML and HTTP headers if periodic writer was invoked at this point.
+	if headerIsWritten {
+		responseWriter = api.EncodeToResponseNoHeader
+		errLogger = h.logAndSendErrorNoHeader
+	}
+
+	if err != nil {
+		errLogger(w, "complete multipart error", reqInfo, err, additional...)
+		return
+	}
+
+	response := CompleteMultipartUploadResponse{
+		Bucket: objInfo.Bucket,
+		ETag:   objInfo.HashSum,
+		Key:    objInfo.Name,
+	}
+
+	// Here we previously set api.AmzVersionID header for versioned bucket.
+	// It is not possible after #60, because of periodic white
+	// space XML writer to keep connection with the client.
+
+	if err = responseWriter(w, response); err != nil {
+		errLogger(w, "something went wrong", reqInfo, err)
+	}
+}
+
+func (h *handler) completeMultipartUpload(r *http.Request, c *layer.CompleteMultipartParams, bktInfo *data.BucketInfo, reqInfo *api.ReqInfo) (*data.ObjectInfo, error) {
 	uploadData, extendedObjInfo, err := h.obj.CompleteMultipartUpload(r.Context(), c)
 	if err != nil {
-		h.logAndSendError(w, "could not complete multipart upload", reqInfo, err, additional...)
-		return
+		return nil, fmt.Errorf("could not complete multipart upload: %w", err)
 	}
 	objInfo := extendedObjInfo.ObjectInfo
 
@@ -417,21 +457,22 @@ func (h *handler) CompleteMultipartUploadHandler(w http.ResponseWriter, r *http.
 			NodeVersion: extendedObjInfo.NodeVersion,
 		}
 		if _, err = h.obj.PutObjectTagging(r.Context(), tagPrm); err != nil {
-			h.logAndSendError(w, "could not put tagging file of completed multipart upload", reqInfo, err, additional...)
-			return
+			return nil, fmt.Errorf("could not put tagging file of completed multipart upload: %w", err)
 		}
 	}
 
 	if len(uploadData.ACLHeaders) != 0 {
+		sessionTokenSetEACL, err := getSessionTokenSetEACL(r.Context())
+		if err != nil {
+			return nil, fmt.Errorf("couldn't get eacl token: %w", err)
+		}
 		key, err := h.bearerTokenIssuerKey(r.Context())
 		if err != nil {
-			h.logAndSendError(w, "couldn't get gate key", reqInfo, err)
-			return
+			return nil, fmt.Errorf("couldn't get gate key: %w", err)
 		}
 		acl, err := parseACLHeaders(r.Header, key)
 		if err != nil {
-			h.logAndSendError(w, "could not parse acl", reqInfo, err)
-			return
+			return nil, fmt.Errorf("could not parse acl: %w", err)
 		}
 
 		resInfo := &resourceInfo{
@@ -440,12 +481,10 @@ func (h *handler) CompleteMultipartUploadHandler(w http.ResponseWriter, r *http.
 		}
 		astObject, err := aclToAst(acl, resInfo)
 		if err != nil {
-			h.logAndSendError(w, "could not translate acl of completed multipart upload to ast", reqInfo, err, additional...)
-			return
+			return nil, fmt.Errorf("could not translate acl of completed multipart upload to ast: %w", err)
 		}
 		if _, err = h.updateBucketACL(r, astObject, bktInfo, sessionTokenSetEACL); err != nil {
-			h.logAndSendError(w, "could not update bucket acl while completing multipart upload", reqInfo, err, additional...)
-			return
+			return nil, fmt.Errorf("could not update bucket acl while completing multipart upload: %w", err)
 		}
 	}
 
@@ -459,24 +498,7 @@ func (h *handler) CompleteMultipartUploadHandler(w http.ResponseWriter, r *http.
 		h.log.Error("couldn't send notification: %w", zap.Error(err))
 	}
 
-	bktSettings, err := h.obj.GetBucketSettings(r.Context(), bktInfo)
-	if err != nil {
-		h.logAndSendError(w, "could not get bucket settings", reqInfo, err)
-	}
-
-	response := CompleteMultipartUploadResponse{
-		Bucket: objInfo.Bucket,
-		ETag:   objInfo.HashSum,
-		Key:    objInfo.Name,
-	}
-
-	if bktSettings.VersioningEnabled() {
-		w.Header().Set(api.AmzVersionID, objInfo.VersionID())
-	}
-
-	if err = api.EncodeToResponse(w, response); err != nil {
-		h.logAndSendError(w, "something went wrong", reqInfo, err)
-	}
+	return objInfo, nil
 }
 
 func (h *handler) ListMultipartUploadsHandler(w http.ResponseWriter, r *http.Request) {
@@ -681,3 +703,62 @@ func encodeListPartsToResponse(info *layer.ListPartsInfo, params *layer.ListPart
 		Parts:            info.Parts,
 	}
 }
+
+// periodicXMLWriter creates go routine to write xml header and whitespaces
+// over time to avoid connection drop from the client. To work properly,
+// pass `http.ResponseWriter` with implemented `http.Flusher` interface.
+// Returns stop function which returns boolean if writer has been used
+// during goroutine execution. To disable writer, pass 0 duration value.
+func periodicXMLWriter(w io.Writer, dur time.Duration) (stop func() bool) {
+	if dur == 0 { // 0 duration disables periodic writer
+		return func() bool { return false }
+	}
+
+	whitespaceChar := []byte(" ")
+	closer := make(chan struct{})
+	done := make(chan struct{})
+	headerWritten := false
+
+	go func() {
+		defer close(done)
+
+		tick := time.NewTicker(dur)
+		defer tick.Stop()
+
+		for {
+			select {
+			case <-tick.C:
+				if !headerWritten {
+					_, err := w.Write([]byte(xml.Header))
+					headerWritten = err == nil
+				}
+				_, err := w.Write(whitespaceChar)
+				if err != nil {
+					return // is there anything we can do better than ignore error?
+				}
+				if buffered, ok := w.(http.Flusher); ok {
+					buffered.Flush()
+				}
+			case <-closer:
+				return
+			}
+		}
+	}()
+
+	stop = func() bool {
+		close(closer)
+		<-done // wait for goroutine to stop
+		return headerWritten
+	}
+
+	return stop
+}
+
+// periodicWriterErrorSender returns handler function to send error. If header is
+// alreay written by periodic XML writer, do not send HTTP and XML headers.
+func (h *handler) periodicWriterErrorSender(headerWritten bool) func(http.ResponseWriter, string, *api.ReqInfo, error, ...zap.Field) {
+	if headerWritten {
+		return h.logAndSendErrorNoHeader
+	}
+	return h.logAndSendError
+}

api/handler/multipart_upload_test.go

@@ -0,0 +1,48 @@
+package handler
+
+import (
+	"bytes"
+	"encoding/xml"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestPeriodicWriter(t *testing.T) {
+	const dur = 100 * time.Millisecond
+	const whitespaces = 8
+	expected := []byte(xml.Header)
+	for i := 0; i < whitespaces; i++ {
+		expected = append(expected, []byte(" ")...)
+	}
+
+	t.Run("writes data", func(t *testing.T) {
+		buf := bytes.NewBuffer(nil)
+		stop := periodicXMLWriter(buf, dur)
+
+		// N number of whitespaces + half durations to guarantee at least N writes in buffer
+		time.Sleep(whitespaces*dur + dur/2)
+		require.True(t, stop())
+		require.Equal(t, expected, buf.Bytes())
+
+		t.Run("no additional data after stop", func(t *testing.T) {
+			time.Sleep(2 * dur)
+			require.Equal(t, expected, buf.Bytes())
+		})
+	})
+
+	t.Run("does not write data", func(t *testing.T) {
+		buf := bytes.NewBuffer(nil)
+		stop := periodicXMLWriter(buf, dur)
+		time.Sleep(dur / 2)
+		require.False(t, stop())
+		require.Empty(t, buf.Bytes())
+
+		t.Run("disabled", func(t *testing.T) {
+			stop = periodicXMLWriter(buf, 0)
+			require.False(t, stop())
+			require.Empty(t, buf.Bytes())
+		})
+	})
+}

api/handler/not_support.go

@@ -3,8 +3,8 @@ package handler
 import (
 	"net/http"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/errors"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
 )
 
 func (h *handler) DeleteBucketPolicyHandler(w http.ResponseWriter, r *http.Request) {

api/handler/notifications.go

@@ -8,11 +8,11 @@ import (
 	"strings"
 	"time"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/errors"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/layer"
-	"github.com/TrueCloudLab/frostfs-sdk-go/bearer"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
 	"github.com/google/uuid"
 )
 

api/handler/notifications_test.go

@@ -3,8 +3,8 @@ package handler
 import (
 	"testing"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/errors"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
 	"github.com/stretchr/testify/require"
 )
 

api/handler/object_list.go

@@ -6,11 +6,11 @@ import (
 	"strconv"
 	"time"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/errors"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/layer"
-	oid "github.com/TrueCloudLab/frostfs-sdk-go/object/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer"
+	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
 )
 
 // ListObjectsV1Handler handles objects listing requests for API version 1.

api/handler/object_list_test.go

@@ -6,7 +6,7 @@ import (
 	"strconv"
 	"testing"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
 	"github.com/stretchr/testify/require"
 )
 

api/handler/put.go

@@ -16,15 +16,15 @@ import (
 	"strings"
 	"time"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/auth"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/errors"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/layer"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/layer/encryption"
-	"github.com/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
-	"github.com/TrueCloudLab/frostfs-sdk-go/eacl"
-	"github.com/TrueCloudLab/frostfs-sdk-go/session"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/auth"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/encryption"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/eacl"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
 	"go.uber.org/zap"
 )
 

api/handler/put_test.go

@@ -8,8 +8,8 @@ import (
 	"testing"
 	"time"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/layer"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer"
 	"github.com/stretchr/testify/require"
 )
 

api/handler/tagging.go

@@ -8,10 +8,10 @@ import (
 	"strings"
 	"unicode"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/errors"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/layer"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer"
 	"go.uber.org/zap"
 )
 

api/handler/unimplemented.go

@@ -3,8 +3,8 @@ package handler
 import (
 	"net/http"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/errors"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
 )
 
 func (h *handler) SelectObjectContentHandler(w http.ResponseWriter, r *http.Request) {

api/handler/util.go

@@ -7,11 +7,11 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/errors"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/layer"
-	"github.com/TrueCloudLab/frostfs-sdk-go/session"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
 	"go.uber.org/zap"
 )
 
@@ -29,6 +29,19 @@ func (h *handler) logAndSendError(w http.ResponseWriter, logText string, reqInfo
 	h.log.Error("call method", fields...)
 }
 
+func (h *handler) logAndSendErrorNoHeader(w http.ResponseWriter, logText string, reqInfo *api.ReqInfo, err error, additional ...zap.Field) {
+	api.WriteErrorResponseNoHeader(w, reqInfo, transformToS3Error(err))
+	fields := []zap.Field{
+		zap.String("request_id", reqInfo.RequestID),
+		zap.String("method", reqInfo.API),
+		zap.String("bucket", reqInfo.BucketName),
+		zap.String("object", reqInfo.ObjectName),
+		zap.String("description", logText),
+		zap.Error(err)}
+	fields = append(fields, additional...)
+	h.log.Error("call method", fields...)
+}
+
 func transformToS3Error(err error) error {
 	if _, ok := err.(errors.Error); ok {
 		return err

api/handler/versioning.go

@@ -4,10 +4,10 @@ import (
 	"encoding/xml"
 	"net/http"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/errors"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/layer"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer"
 )
 
 func (h *handler) PutBucketVersioningHandler(w http.ResponseWriter, r *http.Request) {

api/layer/cache.go

@@ -1,11 +1,11 @@
 package layer
 
 import (
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/cache"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
-	cid "github.com/TrueCloudLab/frostfs-sdk-go/container/id"
-	oid "github.com/TrueCloudLab/frostfs-sdk-go/object/id"
-	"github.com/TrueCloudLab/frostfs-sdk-go/user"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/cache"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
+	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
 	"go.uber.org/zap"
 )
 

api/layer/compound.go

@@ -4,8 +4,8 @@ import (
 	"context"
 	errorsStd "errors"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/errors"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
 )
 
 func (n *layer) GetObjectTaggingAndLock(ctx context.Context, objVersion *ObjectVersion, nodeVersion *data.NodeVersion) (map[string]string, *data.LockInfo, error) {

api/layer/container.go

@@ -5,15 +5,15 @@ import (
 	"fmt"
 	"strconv"
 
-	v2container "github.com/TrueCloudLab/frostfs-api-go/v2/container"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/errors"
-	"github.com/TrueCloudLab/frostfs-sdk-go/client"
-	"github.com/TrueCloudLab/frostfs-sdk-go/container"
-	cid "github.com/TrueCloudLab/frostfs-sdk-go/container/id"
-	"github.com/TrueCloudLab/frostfs-sdk-go/eacl"
-	"github.com/TrueCloudLab/frostfs-sdk-go/session"
+	v2container "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/container"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container"
+	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/eacl"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
 	"go.uber.org/zap"
 )
 

api/layer/cors.go

@@ -8,8 +8,8 @@ import (
 	"fmt"
 	"io"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/errors"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
 	"go.uber.org/zap"
 )
 

api/layer/frostfs.go

@@ -7,16 +7,16 @@ import (
 	"io"
 	"time"
 
-	"github.com/TrueCloudLab/frostfs-sdk-go/bearer"
-	"github.com/TrueCloudLab/frostfs-sdk-go/container"
-	"github.com/TrueCloudLab/frostfs-sdk-go/container/acl"
-	cid "github.com/TrueCloudLab/frostfs-sdk-go/container/id"
-	"github.com/TrueCloudLab/frostfs-sdk-go/eacl"
-	"github.com/TrueCloudLab/frostfs-sdk-go/netmap"
-	"github.com/TrueCloudLab/frostfs-sdk-go/object"
-	oid "github.com/TrueCloudLab/frostfs-sdk-go/object/id"
-	"github.com/TrueCloudLab/frostfs-sdk-go/session"
-	"github.com/TrueCloudLab/frostfs-sdk-go/user"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/acl"
+	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/eacl"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
+	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
 )
 
 // PrmContainerCreate groups parameters of FrostFS.CreateContainer operation.

api/layer/layer.go

@@ -11,18 +11,18 @@ import (
 	"strings"
 	"time"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/errors"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/layer/encryption"
-	"github.com/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
-	"github.com/TrueCloudLab/frostfs-sdk-go/bearer"
-	cid "github.com/TrueCloudLab/frostfs-sdk-go/container/id"
-	"github.com/TrueCloudLab/frostfs-sdk-go/eacl"
-	"github.com/TrueCloudLab/frostfs-sdk-go/netmap"
-	oid "github.com/TrueCloudLab/frostfs-sdk-go/object/id"
-	"github.com/TrueCloudLab/frostfs-sdk-go/session"
-	"github.com/TrueCloudLab/frostfs-sdk-go/user"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/encryption"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
+	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/eacl"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap"
+	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
 	"github.com/nats-io/nats.go"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"go.uber.org/zap"
@@ -329,8 +329,10 @@ func (n *layer) Owner(ctx context.Context) user.ID {
 
 func (n *layer) prepareAuthParameters(ctx context.Context, prm *PrmAuth, bktOwner user.ID) {
 	if bd, ok := ctx.Value(api.BoxData).(*accessbox.Box); ok && bd != nil && bd.Gate != nil && bd.Gate.BearerToken != nil {
-		prm.BearerToken = bd.Gate.BearerToken
-		return
+		if bktOwner.Equals(bearer.ResolveIssuer(*bd.Gate.BearerToken)) {
+			prm.BearerToken = bd.Gate.BearerToken
+			return
+		}
 	}
 
 	prm.PrivateKey = &n.anonKey.Key.PrivateKey

api/layer/locking_test.go

@@ -4,7 +4,8 @@ import (
 	"testing"
 	"time"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/object"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
 	"github.com/stretchr/testify/require"
 )
 
@@ -43,10 +44,10 @@ func TestObjectLockAttributes(t *testing.T) {
 
 	expEpoch := false
 	for _, attr := range lockObj.Attributes() {
-		if attr.Key() == AttributeExpirationEpoch {
+		if attr.Key() == object.SysAttributeExpEpoch {
 			expEpoch = true
 		}
 	}
 
-	require.Truef(t, expEpoch, "system header __NEOFS__EXPIRATION_EPOCH presence")
+	require.Truef(t, expEpoch, "system header __SYSTEM__EXPIRATION_EPOCH presence")
 }

api/layer/multipart_upload.go

@@ -11,12 +11,12 @@ import (
 	"strings"
 	"time"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/errors"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/layer/encryption"
-	oid "github.com/TrueCloudLab/frostfs-sdk-go/object/id"
-	"github.com/TrueCloudLab/frostfs-sdk-go/user"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/encryption"
+	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
 	"github.com/minio/sio"
 	"go.uber.org/zap"
 )

api/layer/neofs_mock.go

@@ -10,18 +10,18 @@ import (
 	"io"
 	"time"
 
-	objectv2 "github.com/TrueCloudLab/frostfs-api-go/v2/object"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
-	"github.com/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
-	"github.com/TrueCloudLab/frostfs-sdk-go/bearer"
-	"github.com/TrueCloudLab/frostfs-sdk-go/checksum"
-	"github.com/TrueCloudLab/frostfs-sdk-go/container"
-	cid "github.com/TrueCloudLab/frostfs-sdk-go/container/id"
-	"github.com/TrueCloudLab/frostfs-sdk-go/eacl"
-	"github.com/TrueCloudLab/frostfs-sdk-go/object"
-	oid "github.com/TrueCloudLab/frostfs-sdk-go/object/id"
-	"github.com/TrueCloudLab/frostfs-sdk-go/session"
-	"github.com/TrueCloudLab/frostfs-sdk-go/user"
+	objectv2 "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/object"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/checksum"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container"
+	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/eacl"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
+	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
 )
 
 type TestFrostFS struct {

api/layer/notifications.go

@@ -7,8 +7,8 @@ import (
 	errorsStd "errors"
 	"fmt"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
 	"go.uber.org/zap"
 )
 

api/layer/object.go

@@ -14,14 +14,14 @@ import (
 	"strings"
 	"sync"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/cache"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
-	apiErrors "github.com/TrueCloudLab/frostfs-s3-gw/api/errors"
-	"github.com/TrueCloudLab/frostfs-sdk-go/client"
-	cid "github.com/TrueCloudLab/frostfs-sdk-go/container/id"
-	"github.com/TrueCloudLab/frostfs-sdk-go/object"
-	oid "github.com/TrueCloudLab/frostfs-sdk-go/object/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/cache"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	apiErrors "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
+	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
+	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
 	"github.com/minio/sio"
 	"github.com/panjf2000/ants/v2"
 	"go.uber.org/zap"

api/layer/system_object.go

@@ -9,14 +9,14 @@ import (
 	"strconv"
 	"time"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/errors"
-	oid "github.com/TrueCloudLab/frostfs-sdk-go/object/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/object"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
 )
 
 const (
-	AttributeComplianceMode  = ".s3-compliance-mode"
-	AttributeExpirationEpoch = "__NEOFS__EXPIRATION_EPOCH"
+	AttributeComplianceMode = ".s3-compliance-mode"
 )
 
 type PutLockInfoParams struct {
@@ -238,7 +238,7 @@ func (n *layer) attributesFromLock(ctx context.Context, lock *data.ObjectLock) (
 	}
 
 	if lock.LegalHold != nil && lock.LegalHold.Enabled {
-		// todo: (@KirillovDenis) reconsider this when FrostFS will support Legal Hold https://github.com/TrueCloudLab/frostfs-contract/issues/2
+		// todo: (@KirillovDenis) reconsider this when FrostFS will support Legal Hold https://git.frostfs.info/TrueCloudLab/frostfs-contract/issues/2
 		// Currently lock object must have an expiration epoch.
 		// Besides we need to override retention expiration epoch since legal hold cannot be deleted yet.
 		expEpoch = math.MaxUint64
@@ -246,7 +246,7 @@ func (n *layer) attributesFromLock(ctx context.Context, lock *data.ObjectLock) (
 
 	if expEpoch != 0 {
 		result = append(result, [2]string{
-			AttributeExpirationEpoch, strconv.FormatUint(expEpoch, 10),
+			object.SysAttributeExpEpoch, strconv.FormatUint(expEpoch, 10),
 		})
 	}
 

api/layer/tagging.go

@@ -4,12 +4,12 @@ import (
 	"context"
 	errorsStd "errors"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/errors"
-	cid "github.com/TrueCloudLab/frostfs-sdk-go/container/id"
-	oid "github.com/TrueCloudLab/frostfs-sdk-go/object/id"
-	"github.com/TrueCloudLab/frostfs-sdk-go/user"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
+	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
 	"go.uber.org/zap"
 )
 

api/layer/tree_mock.go

@@ -6,8 +6,8 @@ import (
 	"sort"
 	"strings"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
-	oid "github.com/TrueCloudLab/frostfs-sdk-go/object/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
 )
 
 type TreeServiceMock struct {

api/layer/tree_service.go

@@ -4,8 +4,8 @@ import (
 	"context"
 	"errors"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
-	oid "github.com/TrueCloudLab/frostfs-sdk-go/object/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
 )
 
 // TreeService provide interface to interact with tree service using s3 data models.

api/layer/util.go

@@ -9,11 +9,11 @@ import (
 	"strings"
 	"time"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/layer/encryption"
-	"github.com/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
-	"github.com/TrueCloudLab/frostfs-sdk-go/object"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/encryption"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
 )
 
 type (

api/layer/util_test.go

@@ -6,11 +6,11 @@ import (
 	"testing"
 	"time"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
-	"github.com/TrueCloudLab/frostfs-sdk-go/checksum"
-	cid "github.com/TrueCloudLab/frostfs-sdk-go/container/id"
-	oid "github.com/TrueCloudLab/frostfs-sdk-go/object/id"
-	"github.com/TrueCloudLab/frostfs-sdk-go/user"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/checksum"
+	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
+	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
 	"github.com/stretchr/testify/require"
 )
 

api/layer/versioning.go

@@ -4,7 +4,7 @@ import (
 	"context"
 	"sort"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
 )
 
 func (n *layer) ListObjectVersions(ctx context.Context, p *ListObjectVersionsParams) (*ListObjectVersionsInfo, error) {

api/layer/versioning_test.go

@@ -5,13 +5,13 @@ import (
 	"context"
 	"testing"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
-	"github.com/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
-	bearertest "github.com/TrueCloudLab/frostfs-sdk-go/bearer/test"
-	"github.com/TrueCloudLab/frostfs-sdk-go/object"
-	oid "github.com/TrueCloudLab/frostfs-sdk-go/object/id"
-	"github.com/TrueCloudLab/frostfs-sdk-go/user"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
+	bearertest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer/test"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
+	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/stretchr/testify/require"
 	"go.uber.org/zap"

api/max_clients.go

@@ -4,7 +4,7 @@ import (
 	"net/http"
 	"time"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/errors"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
 )
 
 type (

api/metrics.go

@@ -9,8 +9,8 @@ import (
 	"sync/atomic"
 	"time"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
-	"github.com/TrueCloudLab/frostfs-sdk-go/bearer"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
 	"github.com/prometheus/client_golang/prometheus"
 )
 
@@ -286,6 +286,12 @@ func (w *responseWrapper) Flush() {
 	}
 }
 
+func (w *writeCounter) Flush() {
+	if f, ok := w.ResponseWriter.(http.Flusher); ok {
+		f.Flush()
+	}
+}
+
 func (w *writeCounter) Write(p []byte) (int, error) {
 	n, err := w.ResponseWriter.Write(p)
 	atomic.AddUint64(&w.countBytes, uint64(n))

api/metrics_collector.go

@@ -1,7 +1,7 @@
 package api
 
 import (
-	"github.com/TrueCloudLab/frostfs-s3-gw/internal/version"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/version"
 	"github.com/prometheus/client_golang/prometheus"
 )
 

api/notifications/controller.go

@@ -7,8 +7,8 @@ import (
 	"sync"
 	"time"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/handler"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/layer"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/handler"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer"
 	"github.com/nats-io/nats.go"
 	"go.uber.org/zap"
 )

api/resolver/resolver.go

@@ -6,9 +6,9 @@ import (
 	"fmt"
 	"sync"
 
-	"github.com/TrueCloudLab/frostfs-sdk-go/container"
-	cid "github.com/TrueCloudLab/frostfs-sdk-go/container/id"
-	"github.com/TrueCloudLab/frostfs-sdk-go/ns"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container"
+	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/ns"
 )
 
 const (

api/response.go

@@ -7,8 +7,8 @@ import (
 	"net/http"
 	"strconv"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/errors"
-	"github.com/TrueCloudLab/frostfs-s3-gw/internal/version"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/version"
 	"github.com/google/uuid"
 )
 
@@ -133,6 +133,13 @@ func WriteErrorResponse(w http.ResponseWriter, reqInfo *ReqInfo, err error) int
 	return code
 }
 
+// WriteErrorResponseNoHeader writes XML encoded error to the response body.
+func WriteErrorResponseNoHeader(w http.ResponseWriter, reqInfo *ReqInfo, err error) {
+	errorResponse := getAPIErrorResponse(reqInfo, err)
+	encodedErrorResponse := EncodeResponse(errorResponse)
+	WriteResponseBody(w, encodedErrorResponse)
+}
+
 // If none of the http routes match respond with appropriate errors.
 func errorResponseHandler(w http.ResponseWriter, r *http.Request) {
 	desc := fmt.Sprintf("Unknown API request at %s", r.URL.Path)
@@ -172,6 +179,11 @@ func WriteResponse(w http.ResponseWriter, statusCode int, response []byte, mType
 		return
 	}
 
+	WriteResponseBody(w, response)
+}
+
+// WriteResponseBody writes response into w.
+func WriteResponseBody(w http.ResponseWriter, response []byte) {
 	_, _ = w.Write(response)
 	if flusher, ok := w.(http.Flusher); ok {
 		flusher.Flush()
@@ -188,13 +200,30 @@ func EncodeResponse(response interface{}) []byte {
 	return bytesBuffer.Bytes()
 }
 
+// EncodeResponseNoHeader encodes response without setting xml.Header.
+// Should be used with periodicXMLWriter which sends xml.Header to the client
+// with whitespaces to keep connection alive.
+func EncodeResponseNoHeader(response interface{}) []byte {
+	var bytesBuffer bytes.Buffer
+	_ = xml.NewEncoder(&bytesBuffer).Encode(response)
+	return bytesBuffer.Bytes()
+}
+
 // EncodeToResponse encodes the response into ResponseWriter.
 func EncodeToResponse(w http.ResponseWriter, response interface{}) error {
 	w.WriteHeader(http.StatusOK)
 
 	if _, err := w.Write(xmlHeader); err != nil {
 		return fmt.Errorf("write headers: %w", err)
-	} else if err = xml.NewEncoder(w).Encode(response); err != nil {
+	}
+
+	return EncodeToResponseNoHeader(w, response)
+}
+
+// EncodeToResponseNoHeader encodes the response into ResponseWriter without
+// header status.
+func EncodeToResponseNoHeader(w http.ResponseWriter, response interface{}) error {
+	if err := xml.NewEncoder(w).Encode(response); err != nil {
 		return fmt.Errorf("encode xml response: %w", err)
 	}
 

api/router.go

@@ -5,8 +5,8 @@ import (
 	"net/http"
 	"sync"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/auth"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/auth"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
 	"github.com/google/uuid"
 	"github.com/gorilla/mux"
 	"go.uber.org/zap"
@@ -117,6 +117,12 @@ func (lrw *logResponseWriter) WriteHeader(code int) {
 	})
 }
 
+func (lrw *logResponseWriter) Flush() {
+	if f, ok := lrw.ResponseWriter.(http.Flusher); ok {
+		f.Flush()
+	}
+}
+
 func setRequestID(h http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		// generate random UUIDv4

api/user_auth.go

@@ -4,8 +4,8 @@ import (
 	"context"
 	"net/http"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/auth"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/errors"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/auth"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
 	"github.com/gorilla/mux"
 	"go.uber.org/zap"
 )

authmate/authmate.go

@@ -11,17 +11,17 @@ import (
 	"os"
 	"time"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/cache"
-	"github.com/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
-	"github.com/TrueCloudLab/frostfs-s3-gw/creds/tokens"
-	"github.com/TrueCloudLab/frostfs-sdk-go/bearer"
-	cid "github.com/TrueCloudLab/frostfs-sdk-go/container/id"
-	frostfsecdsa "github.com/TrueCloudLab/frostfs-sdk-go/crypto/ecdsa"
-	"github.com/TrueCloudLab/frostfs-sdk-go/eacl"
-	"github.com/TrueCloudLab/frostfs-sdk-go/netmap"
-	oid "github.com/TrueCloudLab/frostfs-sdk-go/object/id"
-	"github.com/TrueCloudLab/frostfs-sdk-go/session"
-	"github.com/TrueCloudLab/frostfs-sdk-go/user"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/cache"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/tokens"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
+	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
+	frostfsecdsa "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto/ecdsa"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/eacl"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap"
+	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
 	"github.com/google/uuid"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"go.uber.org/zap"
@@ -349,12 +349,11 @@ func buildBearerToken(key *keys.PrivateKey, table *eacl.Table, lifetime lifetime
 	user.IDFromKey(&ownerID, (ecdsa.PublicKey)(*gateKey))
 
 	var bearerToken bearer.Token
-	bearerToken.SetEACLTable(*eacl.NewTable())
+	bearerToken.SetEACLTable(*table)
 	bearerToken.ForUser(ownerID)
 	bearerToken.SetExp(lifetime.Exp)
 	bearerToken.SetIat(lifetime.Iat)
 	bearerToken.SetNbf(lifetime.Iat)
-	bearerToken.SetImpersonate(true)
 
 	err := bearerToken.Sign(key.PrivateKey)
 	if err != nil {

authmate/session_tokens.go

@@ -4,9 +4,9 @@ import (
 	"encoding/json"
 	"fmt"
 
-	apisession "github.com/TrueCloudLab/frostfs-api-go/v2/session"
-	cid "github.com/TrueCloudLab/frostfs-sdk-go/container/id"
-	"github.com/TrueCloudLab/frostfs-sdk-go/session"
+	apisession "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/session"
+	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
 )
 
 type (

authmate/session_tokens_test.go

@@ -3,7 +3,7 @@ package authmate
 import (
 	"testing"
 
-	"github.com/TrueCloudLab/frostfs-sdk-go/session"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
 	"github.com/stretchr/testify/require"
 )
 

cmd/s3-authmate/main.go

@@ -13,13 +13,13 @@ import (
 	"syscall"
 	"time"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
-	"github.com/TrueCloudLab/frostfs-s3-gw/authmate"
-	"github.com/TrueCloudLab/frostfs-s3-gw/internal/frostfs"
-	"github.com/TrueCloudLab/frostfs-s3-gw/internal/version"
-	"github.com/TrueCloudLab/frostfs-s3-gw/internal/wallet"
-	cid "github.com/TrueCloudLab/frostfs-sdk-go/container/id"
-	"github.com/TrueCloudLab/frostfs-sdk-go/pool"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/authmate"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/frostfs"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/version"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/wallet"
+	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/pool"
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/aws/aws-sdk-go/aws/session"

cmd/s3-gw/app.go

@@ -13,19 +13,20 @@ import (
 	"syscall"
 	"time"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/auth"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/cache"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/handler"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/layer"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/notifications"
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/resolver"
-	"github.com/TrueCloudLab/frostfs-s3-gw/internal/frostfs"
-	"github.com/TrueCloudLab/frostfs-s3-gw/internal/version"
-	"github.com/TrueCloudLab/frostfs-s3-gw/internal/wallet"
-	"github.com/TrueCloudLab/frostfs-s3-gw/metrics"
-	"github.com/TrueCloudLab/frostfs-sdk-go/netmap"
-	"github.com/TrueCloudLab/frostfs-sdk-go/pool"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/auth"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/cache"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/handler"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/notifications"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/resolver"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/frostfs"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/version"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/wallet"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/xml"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/metrics"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/pool"
 	"github.com/gorilla/mux"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/spf13/viper"
@@ -57,8 +58,9 @@ type (
 	}
 
 	appSettings struct {
-		logLevel zap.AtomicLevel
-		policies *placementPolicy
+		logLevel   zap.AtomicLevel
+		policies   *placementPolicy
+		xmlDecoder *xml.DecoderProvider
 	}
 
 	Logger struct {
@@ -152,8 +154,9 @@ func newAppSettings(log *Logger, v *viper.Viper) *appSettings {
 	}
 
 	return &appSettings{
-		logLevel: log.lvl,
-		policies: policies,
+		logLevel:   log.lvl,
+		policies:   policies,
+		xmlDecoder: xml.NewDecoderProvider(v.GetBool(cfgKludgeUseDefaultXMLNSForCompleteMultipartUpload)),
 	}
 }
 
@@ -457,6 +460,8 @@ func (a *App) updateSettings() {
 	if err := a.settings.policies.update(getDefaultPolicyValue(a.cfg), a.cfg.GetString(cfgPolicyRegionMapFile)); err != nil {
 		a.log.Warn("policies won't be updated", zap.Error(err))
 	}
+
+	a.settings.xmlDecoder.UseDefaultNamespaceForCompleteMultipart(a.cfg.GetBool(cfgKludgeUseDefaultXMLNSForCompleteMultipartUpload))
 }
 
 func (a *App) startServices() {
@@ -625,6 +630,7 @@ func (a *App) initHandler() {
 		DefaultMaxAge:      handler.DefaultMaxAge,
 		NotificatorEnabled: a.cfg.GetBool(cfgEnableNATS),
 		CopiesNumber:       handler.DefaultCopiesNumber,
+		XMLDecoder:         a.settings.xmlDecoder,
 	}
 
 	if a.cfg.IsSet(cfgDefaultMaxAge) {
@@ -648,6 +654,8 @@ func (a *App) initHandler() {
 		cfg.ResolveZoneList = a.cfg.GetStringSlice(cfgResolveBucketDeny)
 	}
 
+	cfg.CompleteMultipartKeepalive = a.cfg.GetDuration(cfgKludgeCompleteMultipartUploadKeepalive)
+
 	var err error
 	a.api, err = handler.New(a.log, a.obj, a.nc, cfg)
 	if err != nil {

cmd/s3-gw/app_settings.go

@@ -10,9 +10,9 @@ import (
 	"strings"
 	"time"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/resolver"
-	"github.com/TrueCloudLab/frostfs-s3-gw/internal/version"
-	"github.com/TrueCloudLab/frostfs-sdk-go/pool"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/resolver"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/version"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/pool"
 	"github.com/spf13/pflag"
 	"github.com/spf13/viper"
 	"go.uber.org/zap"
@@ -113,6 +113,10 @@ const ( // Settings.
 	// Application.
 	cfgApplicationBuildTime = "app.build_time"
 
+	// Kludge.
+	cfgKludgeUseDefaultXMLNSForCompleteMultipartUpload = "kludge.use_default_xmlns_for_complete_multipart"
+	cfgKludgeCompleteMultipartUploadKeepalive          = "kludge.complete_multipart_keepalive"
+
 	// Command line args.
 	cmdHelp      = "help"
 	cmdVersion   = "version"
@@ -253,6 +257,10 @@ func newSettings() *viper.Viper {
 	v.SetDefault(cfgPProfAddress, "localhost:8085")
 	v.SetDefault(cfgPrometheusAddress, "localhost:8086")
 
+	// kludge
+	v.SetDefault(cfgKludgeUseDefaultXMLNSForCompleteMultipartUpload, false)
+	v.SetDefault(cfgKludgeCompleteMultipartUploadKeepalive, 10*time.Second)
+
 	// Bind flags
 	if err := bindFlags(v, flags); err != nil {
 		panic(fmt.Errorf("bind flags: %w", err))

config/config.env

@@ -127,3 +127,8 @@ S3_GW_ALLOWED_ACCESS_KEY_ID_PREFIXES=Ck9BHsgKcnwfCTUSFm6pxhoNS4cBqgN2NQ8zVgPjqZD
 # List of container NNS zones which are allowed or restricted to resolve with HEAD request
 S3_GW_RESOLVE_BUCKET_ALLOW=container
 # S3_GW_RESOLVE_BUCKET_DENY=
+
+# Enable using default xml namespace `http://s3.amazonaws.com/doc/2006-03-01/` when parse`CompleteMultipartUpload` xml body.
+S3_GW_KLUDGE_USE_DEFAULT_XMLNS_FOR_COMPLETE_MULTIPART=false
+# Set timeout between whitespace transmissions during CompleteMultipartUpload processing.
+S3_GW_KLUDGE_COMPLETE_MULTIPART_KEEPALIVE=10s

config/config.yaml

@@ -149,3 +149,9 @@ resolve_bucket:
   allow:
     - container
   deny:
+
+kludge:
+  # Enable using default xml namespace `http://s3.amazonaws.com/doc/2006-03-01/` when parse`CompleteMultipartUpload` xml body.
+  use_default_xmlns_for_complete_multipart: false
+  # Set timeout between whitespace transmissions during CompleteMultipartUpload processing.
+  complete_multipart_keepalive: 10s

creds/accessbox/accessbox.go

@@ -10,9 +10,9 @@ import (
 	"fmt"
 	"io"
 
-	"github.com/TrueCloudLab/frostfs-sdk-go/bearer"
-	"github.com/TrueCloudLab/frostfs-sdk-go/netmap"
-	"github.com/TrueCloudLab/frostfs-sdk-go/session"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"golang.org/x/crypto/chacha20poly1305"
 	"golang.org/x/crypto/hkdf"

creds/accessbox/accessbox.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.1
-// 	protoc        v3.15.8
+// 	protoc        v3.21.12
 // source: creds/accessbox/accessbox.proto
 
 package accessbox
@@ -290,11 +290,12 @@ var file_creds_accessbox_accessbox_proto_rawDesc = []byte{
 	0x0c, 0x52, 0x0b, 0x62, 0x65, 0x61, 0x72, 0x65, 0x72, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x24,
 	0x0a, 0x0d, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x18,
 	0x03, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x0d, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x54, 0x6f,
-	0x6b, 0x65, 0x6e, 0x73, 0x42, 0x40, 0x5a, 0x3e, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63,
-	0x6f, 0x6d, 0x2f, 0x54, 0x72, 0x75, 0x65, 0x43, 0x6c, 0x6f, 0x75, 0x64, 0x4c, 0x61, 0x62, 0x2f,
-	0x66, 0x72, 0x6f, 0x73, 0x74, 0x66, 0x73, 0x2d, 0x73, 0x33, 0x2d, 0x67, 0x77, 0x2f, 0x63, 0x72,
-	0x65, 0x64, 0x73, 0x2f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x62, 0x6f, 0x78, 0x3b, 0x61, 0x63, 0x63,
-	0x65, 0x73, 0x73, 0x62, 0x6f, 0x78, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x6b, 0x65, 0x6e, 0x73, 0x42, 0x46, 0x5a, 0x44, 0x67, 0x69, 0x74, 0x2e, 0x66, 0x72, 0x6f, 0x73,
+	0x74, 0x66, 0x73, 0x2e, 0x69, 0x6e, 0x66, 0x6f, 0x2f, 0x54, 0x72, 0x75, 0x65, 0x43, 0x6c, 0x6f,
+	0x75, 0x64, 0x4c, 0x61, 0x62, 0x2f, 0x66, 0x72, 0x6f, 0x73, 0x74, 0x66, 0x73, 0x2d, 0x73, 0x33,
+	0x2d, 0x67, 0x77, 0x2f, 0x63, 0x72, 0x65, 0x64, 0x73, 0x2f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x62,
+	0x6f, 0x78, 0x3b, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x62, 0x6f, 0x78, 0x62, 0x06, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (

creds/accessbox/accessbox.proto

@@ -2,7 +2,7 @@ syntax = "proto3";
 
 package accessbox;
 
-option go_package = "github.com/TrueCloudLab/frostfs-s3-gw/creds/tokenbox;accessbox";
+option go_package = "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/tokenbox;accessbox";
 
 
 

creds/accessbox/bearer_token_test.go

@@ -3,10 +3,10 @@ package accessbox
 import (
 	"testing"
 
-	"github.com/TrueCloudLab/frostfs-sdk-go/bearer"
-	frostfsecdsa "github.com/TrueCloudLab/frostfs-sdk-go/crypto/ecdsa"
-	"github.com/TrueCloudLab/frostfs-sdk-go/eacl"
-	"github.com/TrueCloudLab/frostfs-sdk-go/session"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
+	frostfsecdsa "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto/ecdsa"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/eacl"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
 	"github.com/google/uuid"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/stretchr/testify/require"

creds/tokens/credentials.go

@@ -7,11 +7,11 @@ import (
 	"strconv"
 	"time"
 
-	"github.com/TrueCloudLab/frostfs-s3-gw/api/cache"
-	"github.com/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
-	cid "github.com/TrueCloudLab/frostfs-sdk-go/container/id"
-	oid "github.com/TrueCloudLab/frostfs-sdk-go/object/id"
-	"github.com/TrueCloudLab/frostfs-sdk-go/user"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/cache"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
+	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
+	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 )
 

debian/control

@@ -5,8 +5,8 @@ Maintainer: TrueCloudLab <tech@frostfs.info>
 Build-Depends: debhelper-compat (= 13), git, devscripts
 Standards-Version: 4.5.1
 Homepage: http://frostfs.info/
-Vcs-Git: https://github.com/TrueCloudLab/frostfs-s3-gw.git
-Vcs-Browser: https://github.com/TrueCloudLab/frostfs-s3-gw
+Vcs-Git: https://git.frostfs.info/TrueCloudLab/frostfs-s3-gw.git
+Vcs-Browser: https://git.frostfs.info/TrueCloudLab/frostfs-s3-gw
 
 Package: frostfs-s3-gw
 Architecture: any

debian/copyright

@@ -1,13 +1,13 @@
 Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
 Upstream-Name: frostfs-s3-gw
 Upstream-Contact: tech@frostfs.info
-Source: https://github.com/TrueCloudLab/frostfs-s3-gw
+Source: https://git.frostfs.info/TrueCloudLab/frostfs-s3-gw
 
 Files: *
 Copyright: 2018-2022 NeoSPCC (@nspcc-dev), contributors of neofs-s3-gw project
            (https://github.com/nspcc-dev/neofs-s3-gw/blob/master/CREDITS.md)
            2022 True Cloud Lab (@TrueCloudLab), contributors of frostfs-s3-gw project
-           (https://github.com/TrueCloudLab/frostfs-s3-gw/blob/master/CREDITS.md)
+           (https://git.frostfs.info/TrueCloudLab/frostfs-s3-gw/src/branch/master/CREDITS.md)
 
 
 License: AGPL-3.0-only

docs/authmate.md

@@ -235,7 +235,7 @@ in example above)
 ### Containers policy
 
 Rules for mapping of `LocationConstraint` ([aws spec](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html#API_CreateBucket_RequestBody)) 
-to `PlacementPolicy` ([frostfs spec](https://github.com/TrueCloudLab/frostfs-spec/blob/master/01-arch/02-policy.md)) 
+to `PlacementPolicy`
 can be set via parameter `--container-policy` (json-string and file path allowed):
 ```json
 {

docs/aws_s3_compat.md

@@ -71,7 +71,9 @@ For now there are some limitations:
 
 ## Multipart
 
-Should be supported soon.
+CompleteMultipartUpload operations may take long time to complete. Gateway
+sends whitespace characters to keep connection with the client alive. In this
+case, gateway is unable to set proper HTTP headers like `X-Amz-Version-Id`.
 
 |    | Method                  | Comments |
 |----|-------------------------|----------|

docs/configuration.md

@@ -184,6 +184,7 @@ There are some custom types used for brevity:
 | `prometheus`       | [Prometheus configuration](#prometheus-section)                |
 | `frostfs`          | [Parameters of requests to FrostFS](#frostfs-section)          |
 | `resolve_bucket`   | [Bucket name resolving configuration](#resolve_bucket-section) |
+| `kludge`           | [Different kludge configuration](#kludge-section)              |
 
 ### General section
 
@@ -495,3 +496,18 @@ resolve_bucket:
 |-----------|------------|---------------|--------------------------------------------------------------------------------------------------------------------------|
 | `allow`   | `[]string` |               | List of container zones which are available to resolve. Mutual exclusive with `deny` list. Prioritized over `deny` list. |
 | `deny`    | `[]string` |               | List of container zones which are restricted to resolve. Mutual exclusive with `allow` list.                             |
+
+# `kludge` section
+
+Workarounds for non-standard use cases.
+
+```yaml
+kludge:
+  use_default_xmlns_for_complete_multipart: false
+  complete_multipart_keepalive: 10s
+```
+
+| Parameter                                  | Type       | SIGHUP reload | Default value | Description                                                                                                                 |
+|--------------------------------------------|------------|---------------|---------------|-----------------------------------------------------------------------------------------------------------------------------|
+| `use_default_xmlns_for_complete_multipart` | `bool`     | yes           | false         | Enable using default xml namespace `http://s3.amazonaws.com/doc/2006-03-01/` when parse `CompleteMultipartUpload` xml body. |
+| `complete_multipart_keepalive`             | `duration` | no            | 10s           | Set timeout between whitespace transmissions during CompleteMultipartUpload processing.                                     |

go.mod

@@ -1,10 +1,11 @@
-module github.com/TrueCloudLab/frostfs-s3-gw
+module git.frostfs.info/TrueCloudLab/frostfs-s3-gw
 
 go 1.18
 
 require (
-	github.com/TrueCloudLab/frostfs-api-go/v2 v2.0.0-20221212144048-1351b6656d68
-	github.com/TrueCloudLab/frostfs-sdk-go v0.0.0-20230130120602-cf64ddfb143c
+	git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.11.2-0.20230315095236-9dc375346703
+	git.frostfs.info/TrueCloudLab/frostfs-crypto v0.6.0
+	git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20230316081442-bec77f280a85
 	github.com/aws/aws-sdk-go v1.44.6
 	github.com/bluele/gcache v0.0.2
 	github.com/google/uuid v1.3.0
@@ -24,19 +25,12 @@ require (
 	google.golang.org/protobuf v1.28.1
 )
 
-replace (
-	github.com/TrueCloudLab/frostfs-api-go/v2 v2.0.0-20221212144048-1351b6656d68 => github.com/KirillovDenis/frostfs-api-go/v2 v2.11.2-0.20230221082308-ac00938fa447
-	github.com/TrueCloudLab/frostfs-sdk-go v0.0.0-20230130120602-cf64ddfb143c => github.com/KirillovDenis/frostfs-sdk-go v0.0.0-20230221122223-9424a67fb108
-)
-
 require (
-	github.com/TrueCloudLab/frostfs-contract v0.0.0-20221213081248-6c805c1b4e42 // indirect
-	github.com/TrueCloudLab/frostfs-crypto v0.5.0
-	github.com/TrueCloudLab/hrw v1.1.0 // indirect
-	github.com/TrueCloudLab/rfc6979 v0.3.0 // indirect
-	github.com/TrueCloudLab/tzhash v1.7.0 // indirect
+	git.frostfs.info/TrueCloudLab/frostfs-contract v0.0.0-20230307110621-19a8ef2d02fb // indirect
+	git.frostfs.info/TrueCloudLab/hrw v1.2.0 // indirect
+	git.frostfs.info/TrueCloudLab/rfc6979 v0.4.0 // indirect
+	git.frostfs.info/TrueCloudLab/tzhash v1.8.0 // indirect
 	github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20221202181307-76fa05c21b12 // indirect
-	//github.com/aws/aws-sdk-go-v2 v1.16.7 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.1.2 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
@@ -47,6 +41,7 @@ require (
 	github.com/golang/snappy v0.0.3 // indirect
 	github.com/gorilla/websocket v1.4.2 // indirect
 	github.com/hashicorp/golang-lru v0.6.0 // indirect
+	github.com/hashicorp/golang-lru/v2 v2.0.1 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect